Add Service Account annotation support (!211) · Merge requests · GitLab.org / charts / GitLab Runner

David Rosson requested to merge davidrosson/gitlab-runner:service-account-annotation-support into master Mar 06, 2020

Add the ability to inject annotations into the RBAC-created Service Account. This is useful for e.g. enabling AWS IAM Roles for Service Accounts (IRSA), when running GitLab Runners on AWS EKS. This capability allows simplified AWS IAM role assumption, where an annotation on the Service Account controls any associated Pods' ability to assume an IAM role without needing explicit AWS credential injection.

Reference: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html

Add Service Account annotation support

Merge request reports